0bb7e3c0492d977fe3b32844b0bccec70a808c2f7a2e36ab0942ed8101d54783

Analysis

max time kernel
122s
max time network
134s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
20-04-2024 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.lnk
Size

344B
MD5

4c2a7c403e0c28333f645a363f606da8
SHA1

fe61f5e318e323fab9af329245e4bba6128aa5c6
SHA256

c755fd0b870f2367e644f899afd720c4aee7b019b5584a14421c407e7910de14
SHA512

8516481f41413d3ec958a07af39aad889840f964d7cb1f8027142f9c65abea9821e3bf2fcfdd9fb2b1c676031d3096d478bf06586deaaac05a7d451b0c2146e5

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc233000000000200000000001066000000010000200000008844a327f82397116dcae473dbbfc9ddf9fdece6eaad8df1cd9eae89c7523f3c000000000e80000000020000200000004822e1540ddd32cc26060a23f2df54f0565d9ff9144254cddcf6ba70493dc9ea90000000c0e304b60f60e7a497ef1a454fe4997e385d9da771bc15de2970378e5608ddd018a2a3de2869c65848763d860e3bbb6d2e5a0531f98eb2e07eb0fb399bae8b5d208bbf145e84d63be10621fce9f79821af9667b2b20d6447e50659845a4d8dba2b65bda6b849c4219c02b026b7b77db6c111c077a2b9a01b46cea1346fa5f69f6cb575c6aa5e50d5daa5b55c5742f1cd40000000fb6df57436168132bd7574bd022a125b55acab67a37ea9deb4e101cc9061fdb1bbcbede64ec46c6d0625152117621dda1db5cce243160ded8e86106158473d6d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a04c9c53e192da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "419751778"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7C4543A1-FED4-11EE-AD30-660F20EB2E2E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc2330000000002000000000010660000000100002000000025bd3efe02e5b31c96368006fb558f833fe5c0295da02da646f80812a45da764000000000e8000000002000020000000dda25eaeb8ff7bc36f430f85a6876e9110a095b7b0f7624a266824baaa843f9a2000000025753d98b41873e8049f19f67bdde0c2078b4c92242bb14dd9ae30f72f352d0940000000af0da3a71b7e03fd6ce006d6fedec66f4c3e084c13a10d65bf9b74717379a9c83ae3e021018468ca20e260d08c10b115acf74dbcc7517ca62cfdf112c75cdf11	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2660 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2660 iexplore.exe
2660 iexplore.exe
2548 IEXPLORE.EXE
2548 IEXPLORE.EXE
2548 IEXPLORE.EXE
2548 IEXPLORE.EXE

pid	process
2660	iexplore.exe

pid	process
2660	iexplore.exe
2660	iexplore.exe
2548	IEXPLORE.EXE
2548	IEXPLORE.EXE
2548	IEXPLORE.EXE
2548	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

cmd.exeiexplore.exe

description	pid	process	target process
PID 1992 wrote to memory of 2660	1992	cmd.exe	iexplore.exe
PID 1992 wrote to memory of 2660	1992	cmd.exe	iexplore.exe
PID 1992 wrote to memory of 2660	1992	cmd.exe	iexplore.exe
PID 2660 wrote to memory of 2548	2660	iexplore.exe	IEXPLORE.EXE
PID 2660 wrote to memory of 2548	2660	iexplore.exe	IEXPLORE.EXE
PID 2660 wrote to memory of 2548	2660	iexplore.exe	IEXPLORE.EXE
PID 2660 wrote to memory of 2548	2660	iexplore.exe	IEXPLORE.EXE

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\.lnk
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.newasp.net/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2660
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2578ba959289819946d018f598254843

SHA1
e7d0bcbbeedbf1c91f849aab9a31e9fc6455f6c2

SHA256
f20b9e200715df70baf0016c81ab5a856365f4d5edd5141e10d6b8105ccb80a3

SHA512
4c953a03b53efab7d902900f4dac294c3640d2af5018abca771a5ef22315ace4e8b32d01055295b78526c68c83fa453575cc313d7f2128ac956dd6f97825dc6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52b33e871ae5520cb64ac64062d8b3f9

SHA1
dd1fa857b8d2d49eaa901b6b282a2ce009abc887

SHA256
ae21f2ff39b774f99e98b8cda6e0cabd340e6afdbcc27b75a823c1ebcb602774

SHA512
fcbc00212ca62c4f736776f22c81daae55b19ad13eba6c93a6868906b3cd4414059e820720f8e57785f2bdbb986902dba421f789fdbb3d11b9b1d71bab702ac1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
421108833162b91160d9e38a4d70e740

SHA1
3d7a15e27728d08b8b9b1ec8f4d362ea6e0071b8

SHA256
4302d207cb61e8c23eec7e40840226a64dd066c1ca927a1db39b4f562e532b44

SHA512
95dfeb92463ebe52378ee94a7dfd440e244566304be8c175d86bcb2337efda845083364fe8af19a7dac8c9c3f8dcbfb5d720047673b84ad71d650519c8077fc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
157c6a66b1b00e0223c704984e220c23

SHA1
37e87c89d64ccdd77d6a2cff7c4e9bd3193b7fde

SHA256
7de77eab117aa894b5fae98217c27efed0e67b44f036fd494788dcf6e1157f59

SHA512
0cef98b1eb6d45b36a03ecd8c36f5801def5a7f62728096e8642af3f99198cb12b92c372abf5d81d3f778f345d74843d9331687d8ab5a75124c203256105569b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14c97ca87aad8645cec8ec8536885627

SHA1
3cd3c1be0839756adaa82f258a528f74e5b21c42

SHA256
5b4f0c9d11715ad200d96d13de23eb258f9db1e4aedbfe1784164d36b3833d93

SHA512
e86d8dd2a871f56b9e299d7afbd9f3cc0697cbcb3ad80261bd9ce535f5a69bc1736b4f00c02dd8258ba36da519b0a3d3d8dca7f87f6bc8aed2653f6ad9863c18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
769df7b24ec108503505bd132db69575

SHA1
846c63395502a512b8bda5c707f03e4efa28b14c

SHA256
f6c15c2a2657de4e2a572016a906e097b4588d742440ebf17136fdc00dc6871a

SHA512
d8d0d304fbcbaf02c2d812c6700b0f6cb6bf68bf62917bef8e0b898d0904e09d03b8950e52e9d81a26921acadfdc91f13728eaf8c52a43744c51871e65bf33c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6fa1c9a1f49200306d5502afda78b93e

SHA1
e6009173fa6d237cd5d93d426f0dc8951a7b01ec

SHA256
72fb9c16a04a91f8a607ce34cd20a059e37dc564b5de6104fc4d9b661b2a3deb

SHA512
cf62bce4dbe076579150e7e7b15e2e4130015cbfeb3918970e2c6809337a46ce607f727896e9280a1ea9b31159e4872781853213b541824e57bcf2e06d117bd1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42ddf3190a805e47e08e99494e9958a1

SHA1
f52813fe1982520347873734be525becfb6be199

SHA256
40931cec0aff39006d74d599314c16cad5247cc9418cd7f2b84bf42a7b6ca41c

SHA512
f86dca87f1f5a6c85d828c053fd098e07689fdd5a2cd6b857fd4bc81f5b2cde9333ac7b46c804c6fff445649075fc7832f5640c8e93cba8bbb9d045b407c349a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d9963f310a056e1a4da7e7747fc9458

SHA1
40fac582865faef0b0c5182ee3eb134148d0cf64

SHA256
1f5717a0ea56ca703262ca081b8ea8a19fedd7449125e2309489f9a89a3772ee

SHA512
59a9a08f81bb152e3f6ea3f75dfcfdec4eab72b049812aa74a6b4ec5b0d5fd5c1dc38f01fa9db7830c8cb21475d5d064fe93684173cd697681204efd2f74c608

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4636.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4757.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit